Internet Assigned Numbers Authority

CBOR Web Token (CWT) Claims

Last Updated

Registries included below

CBOR Web Token (CWT) Claims

Expert(s): Mike Jones, Hannes Tschofenig, Chuck Mortimore, Ludwig Seitz
Registration requests should be sent to the mailing list described in 
[RFC8392]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact

| Range | Registration Procedures |
|---|---|
| Integer values from -256 to 255 | Standards Action |
| Integer values from -65536 to -257 | Specification Required |
| Integer values from 256 to 65535 | Specification Required |
| Integer values greater than 65535 | Expert Review |
| Strings of length 1 | Standards Action |
| Strings of length 2 | Specification Required |
| Strings of length greater than 2 | Expert Review |

| Claim Name | Claim Description | JWT Claim Name | Claim Key | Claim Value Type | Change Controller | Reference |
|---|---|---|---|---|---|---|
| Reserved for Private Use | | | less than -65536 | | | [RFC8392] |
| Unassigned | | | -65536 to -261 | | | |
| hcert | Health Certificate | hcert | -260 | map | [European_eHealth_Network] | [Electronic Health Certificate Specification] |
| EUPHNonce | Challenge Nonce | EUPHNonce | -259 | bstr | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| EATMAROEPrefix | Signing prefix for multi-app restricted operating environments | EATMAROEPrefix | -258 | bstr | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| EAT-FDO | EAT-FDO may contain related to FIDO Device Onboarding | EAT-FDO | -257 | array | [FIDO_Alliance] | [FIDO Device Onboard Specification] |
| Unassigned | | | -256 to -1 | | | |
| Reserved | This registration reserves the key value 0 | | 0 | | [IESG] | [RFC8392] |
| iss | Issuer | iss | 1 | text string | [IESG] | [RFC8392] |
| sub | Subject | sub | 2 | text string | [IESG] | [RFC8392] |
| aud | Audience | aud | 3 | text string | [IESG] | [RFC8392] |
| exp | Expiration Time | exp | 4 | integer or floating-point number | [IESG] | [RFC8392] |
| nbf | Not Before | nbf | 5 | integer or floating-point number | [IESG] | [RFC8392] |
| iat | Issued At | iat | 6 | integer or floating-point number | [IESG] | [RFC8392] |
| cti | CWT ID | jti | 7 | byte string | [IESG] | [RFC8392] |
| cnf | Confirmation | cnf | 8 | map | [IESG] | [RFC8747] |
| scope | The scope of an access token, as defined in [RFC6749]. | scope | 9 | byte string or text string | [IESG] | [RFC8693, Section 4.2] |
| Nonce | Nonce (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | nonce | 10 | byte string | [IESG] | [OpenID Connect Core 1.0][draft-ietf-rats-eat-12] |
| Unassigned | | | 11 to 37 | | | |
| ace_profile | The ACE profile a token is supposed to be used with. | ace_profile | 38 | integer | [IETF] | [RFC9200, Section 5.10] |
| cnonce | The client-nonce sent to the AS by the RS via the client. | cnonce | 39 | byte string | [IETF] | [RFC9200, Section 5.10] |
| exi | The expiration time of a token measured from when it was received at the RS in seconds. | exi | 40 | unsigned integer | [IETF] | [RFC9200, Section 5.10.3] |
| Unassigned | | | 41 to 255 | | | |
| UEID | The Universal Entity ID (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | ueid | 256 | byte string | [IESG] | [draft-ietf-rats-eat-12] |
| SUEIDs | Semi-permanent UEIDs (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | sueids | 257 | map | [IESG] | [draft-ietf-rats-eat-12] |
| Hardware OEMID | Hardware OEM ID (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | oemid | 258 | byte string or integer | [IESG] | [draft-ietf-rats-eat-12] |
| Hardware Model | Model identifier for hardware (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | hwmodel | 259 | byte string | [IESG] | [draft-ietf-rats-eat-12] |
| Hardware Version | Hardware Version Identifier (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | hwversion | 260 | array | [IESG] | [draft-ietf-rats-eat-12] |
| Unassigned | | | 261 | | | |
| Secure Boot | Indicate whether the boot was secure (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | secboot | 262 | Boolean | [IESG] | [draft-ietf-rats-eat-12] |
| Debug Status | Indicate status of debug facilities (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | dbgstat | 263 | integer | [IESG] | [draft-ietf-rats-eat-12] |
| Location | The geographic location (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | location | 264 | map | [IESG] | [draft-ietf-rats-eat-12] |
| Profile | Indicates the EAT profile followed (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | eat_profile | 265 | URI or OID | [IESG] | [draft-ietf-rats-eat-12] |
| Submodules Section | The section containing submodules (TEMPORARY - registered 2022-03-23, expires 2023-03-23) | submods | 266 | map | [IESG] | [draft-ietf-rats-eat-12] |
| Unassigned | | | 267 to 2393 | | | |
| psa-client-id | PSA Client ID | N/A | 2394 | signed integer | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-security-lifecycle | PSA Security Lifecycle | N/A | 2395 | unsigned integer | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-implementation-id | PSA Implementation ID | N/A | 2396 | byte string | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-boot-seed | PSA Boot Seed | N/A | 2397 | byte string | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-certification-reference | PSA Certification Reference | N/A | 2398 | text string | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-software-components | PSA Software Components | N/A | 2399 | array | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| psa-verification-service-indicator | PSA Verification Service Indicator | N/A | 2400 | text string | [Hannes_Tschofenig] | [draft-tschofenig-rats-psa-token-09] |
| Unassigned | | | 2401 to 65535 | | | |

CWT Confirmation Methods

Registration Procedure(s): Specification Required
Expert(s): Ludwig Seitz, Mike Jones
Registration requests should be sent to the mailing list described in 
[RFC8747]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact

| Confirmation Method Name | Confirmation Method Description | JWT Confirmation Method Name | Confirmation Key | Confirmation Value Type | Change Controller | Reference |
|---|---|---|---|---|---|---|
| COSE_Key | COSE_Key Representing Public Key | jwk | 1 | COSE_Key structure | [IESG] | [RFC8747, Section 3.2] |
| Encrypted_COSE_Key | Encrypted COSE_Key | jwe | 2 | COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag) | [IESG] | [RFC8747, Section 3.3] |
| kid | Key Identifier | kid | 3 | binary string | [IESG] | [RFC8747, Section 3.4] |
| osc | OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation | osc | 4 | map | [IETF] | [RFC9203, Section 3.2.1] |

Contact Information

| ID | Name | Contact URI | Last Updated |
|---|---|---|---|
| [European_eHealth_Network] | European eHealth Network | mailto:jakob& | 2021-04-15 |
| [FIDO_Alliance] | FIDO Alliance | mailto:iana-request& | 2021-03-05 |
| [Hannes_Tschofenig] | Hannes Tschofenig | mailto:hannes.tschofenig& | 2022-07-27 |
| [IESG] | IESG | mailto:iesg& | 2018-05-04 |
| [IETF] | IETF | mailto:iesg& | |